Lockdown intranet services behind tailscale

2024-06-21 20:02:56 -06:00
parent 4d658e10d3
commit d557820d6c
10 changed files with 162 additions and 160 deletions


@@ -4,6 +4,10 @@ let
cfg = config.services.nginx;
in
{
options.services.nginx = {
openFirewall = lib.mkEnableOption "Open firewall ports 80 and 443";
};
config = lib.mkIf cfg.enable {
services.nginx = {
recommendedGzipSettings = true;
@@ -12,6 +16,8 @@ in
recommendedTlsSettings = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.openFirewall = lib.mkDefault true;
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 80 443 ];
};
}
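Review bot: The line `services.nginx.openFirewall = lib.mkDefault true;`, which appears to be on the new side, keeps this module fail-open. Any host that enables nginx without explicitly setting the option to false still gets ports 80 and 443 opened on every interface, which works against the stated goal of keeping intranet services behind tailscale. Since `lib.mkEnableOption` already defaults to false, consider dropping the `mkDefault true` line and setting `services.nginx.openFirewall = true;` only on hosts that are meant to be public. If the default must stay true, declare it on the option with `lib.mkOption { type = lib.types.bool; default = true; ... }` so the generated option docs show the real default. How hosts with the option off stay reachable over the tailnet (for example via `networking.firewall.interfaces.<name>.allowedTCPPorts` or a trusted interface) is not visible in this section and is worth confirming.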